Risky Business ITRadio.com.au

Joe Slowik and Katie Nickels are guest co-hosts in this week’s edition of the show. They join Patrick Gray to talk about:


Mimecast having some stolen certificate, errr, “problems”
The confusing reports about JetBrains
Analysis of the malware used in the SolarWinds campaign
Australian man arrested in Germany and charged with running DarkMarket
The Great Deplatforming of 2021


This week’s show is brought to you by Gigamon.

If you’re a Gigamon shop you should really take a look at their ThreatInsight platform, that’s a no brainer. Even if you’re not, they’re real players in the network detection and response space. Joining us in this week’s sponsor interview is Jason Tesarz, a senior product manager for Gigamon ThreatInsight. He joined the show to talk about a few things, like how these days the NDR vendors are competing more around their workflows than trying to be the most comprehensive in detection.

Links to everything that we discussed are below and you can follow Patrick, Katie or Joe on Twitter if that’s your thing.

These Soap Box editions of the show are wholly sponsored. If that’s not your thing and you’re looking for the weekly news edition of the show, just scroll one show back in your feed.

This soap box edition is brought to you by AttackIQ. They make a Breach and Attack Simulation platform that’s designed to test the effectiveness of your security controls by simulating bad things in your environment.

Carl Wright and Jonathan Reiber are joining us in this edition of the show. These days he’s AttackIQ’s senior director of cybersecurity and strategy but he previously served as a former Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense.

They joined the show to talk through their work in mapping NIST 800-53 to the MITRE ATT&CK framework. Enjoy!

On this week’s show, Patrick Gray talks to Joe Slowik and Dmitri Alperovitch about the APT campaign that impacted the US government and FireEye via SolarWinds’ supply chain.

Alex Stamos also joins the show to chime in more generally on supply chain interference before discussing some other news, like:


Apple losing (most of) its case against Corellium
Assange won’t be extradited… yet
Adobe has finally killed Flash, and killed it good


This week’s show is brought to you by Signal Sciences. In this week’s sponsor interview we’ll be talking to a Signal Sciences customer, Doug DePerry. He heads product security at the Gemini cryptocurrency exchange. We’ll be talking to him about what that’s like because those sort of outfits tend to attract decent attackers.

Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing.

On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:


FireEye’s Very Bad Week
Russian bears all up in your VMwares
Chris Krebs sues Trump campaign
Foxconn ransomware
So much more


Proofpoint’s Ryan Kalember is this week’s sponsor guest. He joins the show to talk about their rather different approach to DLP and insider threat detection. You may have noticed we don’t really talk about DLP a whole bunch on this show because it’s, well, really boring. But Proofpoint actually has an interesting approach to the problem that’s different enough to be interesting, so do stick around for that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Soap Box podcasts like this one are wholly sponsored. This edition of the Soap Box is brought to you by VMRay. They make a virtualised sandbox that initially found a market with DFIR professionals, but these days is being used for all sorts of things.

VMRay’s cofounders – CEO Carsten Willems and CTO Ralf Hund – joined host Patrick Gray to talk through the history of the sandbox tech arms race.

On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:


ORIGINAL: Ransomware insurance payouts are looking pretty unsustainable
Trump lawyer calls for Chris Krebs’ execution
Hunger relief charity loses $1m to BEC
Supreme court weighs CFAA
Much, much more!


This week’s sponsor interview is with Marc Rogers, Okta’s Executive Director of Cybersecurity. Marc is also heavily involved with the CTI League, a group of infosec professionals who banded together early this year to try to do some good. They’re cyber do gooders! They’ve chalked up some wins and helped out a bunch of organisations, and in the process Marc and his compadres have also been well positioned to observe changes in the ransomware landscape. He joins us in this week’s sponsor interview to talk through that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.